Tavis Ormandy of the Gentoo Linux Security Audit Team has identified a format string vulnerability in the gprostats utility.

Impact

An attacker could exploit the vulnerability by performing a specially crafted FTP transfer, the resulting ProFTPD transfer log could potentially trigger the execution of arbitrary code when parsed by GProFTPD.